BSP orders banks to beef up defenses vs cyber attacks

The Bangko Sentral ng Pilipinas yesterday said the global ransomware attack over the weekend had no impact on any Philippine financial institution even as it urged all banks and nonbanks to step up their defenses.

Last April, the BSP ordered all financial institutions in the country to implement MFA, especially for sensitive transactions, by September amid bigger risks coming from cyber attacks.

The BSP earlier explained that the MFA employed a combination of at least two authentication factors, namely inherence or something that is inherent to the user such as fingerprint and retinal pattern; knowledge or something that the user knows such as password or PIN, and possession or something that the user has in his/her possession, including payment card or a one-time password generated through a security token or sent via SMS.

The MFA “provides for a more reliable authentication method and a stronger fraud deterrent mechanism that limits unauthorized access,” the BSP had said.

In a new memorandum issued just last Monday, the BSP reiterated the need to beef up cyber defenses in light of the recent global ransomware attacks.

“With the alarming proliferation of ransomware, BSP-supervised financial institutions are at an increased risk of loss or unauthorized disclosure of proprietary or sensitive information, operational disruptions, financial losses incurred to restore affected systems and reputational damage. Given the perceived anonymity of threat actors in perpetrating ransom payment schemes, ransomware remains a viable threat that is expected to evolve to more sophisticated and destructive forms, such as crypto-ransom ware. Web-based applications, including legitimate cloud-based services, are particularly vulnerable to this type of threat,” Espenilla said in Memorandum No. M-2017-018 issued on May 15.

“In this regard, BSP-supervised financial institutions are advised to heighten their vigilance and ensure that robust protection against ransomware is in place. BSP-supervised financial institutions should provide multiple layers of defenses by implementing appropriate controls at the host, network, and endpoint level to prevent and detect malicious codes,” Espenilla said. — BEN O. DE VERA, Philippine Daily Inquirer

Message from the President

GIOVANNI D. GABRIENTOPresident, FY 2017-2018

The incumbent Board of Directors of the Rural Bankers Association of the Philippines is humbled with the great honor to serve the industry as we embraced the challenge to formulate and implement programs for our members.

DAVAO CITY — The Asian Development Bank (ADB) is set to roll out a five-year financial inclusion program that will tap rural banks as the window for loans to the poor. Kelly Bird, ADB country director for the Philippines, said in an interview with BusinessWorld here last week that the ADB is final...